sshd_config requires absolute paths

glassechidna · Dec 16, 2017 · 94d89b3 · 94d89b3
1 parent a0022d5
commit 94d89b3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/ci/expected-output-host.txt b/ci/expected-output-host.txt
@@ -1,8 +1,8 @@
 arn:aws:ec2:ap-southeast-2:607481581596:instance/i-0272eed8c4230a5f7
 
-HostCertificate lkp-ci/ssh_host_rsa_key-cert.pub
-TrustedUserCAKeys lkp-ci/cert_authority.pub
-AuthorizedPrincipalsFile lkp-ci/authorized_principals
+HostCertificate /home/ec2-user/lkp-ci/ssh_host_rsa_key-cert.pub
+TrustedUserCAKeys /home/ec2-user/lkp-ci/cert_authority.pub
+AuthorizedPrincipalsFile /home/ec2-user/lkp-ci/authorized_principals
 lkp-ci/ssh_host_rsa_key-cert.pub:
         Type: [email protected] host certificate
         Public key: RSA-CERT 86:75:74:43:71:8e:d3:14:59:84:89:15:eb:41:28:1d

diff --git a/cmd/host.go b/cmd/host.go
@@ -14,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"os"
 	"strings"
+	"path/filepath"
 )
 
 var hostCmd = &cobra.Command{
@@ -67,6 +68,12 @@ func hostSession() (*session.Session, error) {
 }
 
 func doit(hostKeyPath, signedHostKeyPath, caPubkeyPath, sshdConfigPath, authorizedPrincipalsPath, functionName, kmsKeyId, funcIdentity string, principals []string) error {
+	// we absolute-ize these paths because ssh requires paths in sshd_config to be absolute
+	authorizedPrincipalsPath, _ = filepath.Abs(authorizedPrincipalsPath)
+	caPubkeyPath, _ = filepath.Abs(caPubkeyPath)
+	signedHostKeyPath, _ = filepath.Abs(signedHostKeyPath)
+
+
 	hostKeyBytes, err := ioutil.ReadFile(hostKeyPath)
 	if err != nil {
 		return errors.Wrap(err, "reading ssh host key")